Changeset 96354 in webkit
- Timestamp:
- Sep 29, 2011 1:45:52 PM (13 years ago)
- Location:
- trunk/Source/JavaScriptCore
- Files:
-
- 3 edited
-
ChangeLog (modified) (1 diff)
-
runtime/Structure.cpp (modified) (1 diff)
-
runtime/Structure.h (modified) (2 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/JavaScriptCore/ChangeLog
r96347 r96354 1 2011-09-29 Filip Pizlo <fpizlo@apple.com> 2 3 Structure transitions involving many (> 64) properties sometimes cause structure corruption 4 https://bugs.webkit.org/show_bug.cgi?id=69102 5 6 Reviewed by Darin Adler. 7 8 Made m_offset an int instead of a signed char. Changed the code to ensure that transitions 9 don't lead to the dictionary kind being forgotten. 10 11 * runtime/Structure.cpp: 12 (JSC::Structure::Structure): 13 * runtime/Structure.h: 14 1 15 2011-09-29 Yuqiang Xian <yuqiang.xian@intel.com> 2 16 -
trunk/Source/JavaScriptCore/runtime/Structure.cpp
r96346 r96354 203 203 , m_propertyStorageCapacity(previous->m_propertyStorageCapacity) 204 204 , m_offset(noOffset) 205 , m_dictionaryKind( NoneDictionaryKind)205 , m_dictionaryKind(previous->m_dictionaryKind) 206 206 , m_isPinnedPropertyTable(false) 207 207 , m_hasGetterSetterProperties(previous->m_hasGetterSetterProperties) -
trunk/Source/JavaScriptCore/runtime/Structure.h
r96346 r96354 238 238 bool isValid(ExecState*, StructureChain* cachedPrototypeChain) const; 239 239 240 static const signed chars_maxTransitionLength = 64;241 242 static const signed charnoOffset = -1;240 static const int s_maxTransitionLength = 64; 241 242 static const int noOffset = -1; 243 243 244 244 static const unsigned maxSpecificFunctionThrashCount = 3; … … 265 265 266 266 // m_offset does not account for anonymous slots 267 signed charm_offset;267 int m_offset; 268 268 269 269 unsigned m_dictionaryKind : 2;
Note: See TracChangeset
for help on using the changeset viewer.
